2.0 What’s New in ZENworks 2017 Update 4

3.0 Planning to Deploy ZENworks 2017 Update 4

Use the following guidelines to plan for the deployment of ZENworks 2017 Update 4 in your Management Zone:

If you have applied the April 2019 Appliance Security Patches, before upgrading to ZENworks 2017 Update 4, you need to first apply the FTF that is available in bug 1134324.

If you are using Disk Encryption and you want to update the Full Disk Encryption Agent from a version earlier than ZENworks 2017 Update 1, you MUST remove the Disk Encryption policy from those managed devices before you update them to ZENworks 2017 Update 4.

If you are updating the Full Disk Encryption Agent from ZENworks 2017 Update 1 or 2017 Update 2 to ZENworks 2017 Update 4, leave the Disk Encryption policy in place, no change is required prior to the system update.

You must first upgrade the Primary Servers, then update the Satellite Servers, and finally the managed devices to ZENworks 2017 Update 4. Do not upgrade the managed devices and Satellite Servers (or add new 2017 Update 4 Agents in the zone) until all Primary Servers in the zone have been upgraded to ZENworks 2017 Update 4.

NOTE:Agents might receive inconsistent data from the zone until all Primary Servers are upgraded. Therefore, this part of the process should take place in as short a time as possible - ideally, immediately after the first Primary Server is upgraded.

You can directly deploy version 2017 Update 4 to the following devices:

Device Type

Operating System

Minimum ZENworks Version

Primary Servers

Windows and Linux

ZENworks 2017 and subsequent versions

Satellite Servers

Windows, Linux and Mac

ZENworks 11.x and subsequent versions

Managed Devices

Windows

ZENworks 11.x and subsequent versions

Linux

ZENworks 11.x and subsequent versions

Mac

ZENworks 11.2 and subsequent versions

The system reboots once after you upgrade to ZENworks 2017 Update 4. However, a double reboot will be required in the following scenarios:

If you update from 11.x to ZENworks 2017 or a subsequent version (2017 Update 1, Update 2, Update 3 or Update 4) with Endpoint Security enabled, you will need a second reboot to load the ZESNETAccess driver.

If a managed device uses Windows 10 with Client Self Defense enabled and you are upgrading from 11.4.x to ZENworks 2017 or a subsequent version (2017 Update1, Update 2, Update 3 or Update 4), you need to disable Client Self Defense in ZENworks Control Center, reboot the managed device, and then run the update, requiring a second reboot on the device.

If you have a Disk Encryption policy enforced on a managed device, and you want to update the Full Disk Encryption Agent from a version earlier than ZENworks 2017 Update 1 to ZENworks 2017 Update 4, you must first remove the policy and decrypt the device, which requires a device reboot. You then update the device to 2017 Update 4, requiring a second reboot.

IMPORTANT:Managed Devices running versions prior to 11.x must first be upgraded to 11.x. The system reboots after the upgrade to 11.x and then reboots again when the ZENworks 2017 Update 4 system update is deployed.

Prior to installing the System Update, ensure that you have adequate free disk space in the following locations:

Location

Description

Disk Space

Windows:%zenworks_home%\install\downloads

Linux:opt/novell/zenworks/install/downloads

To maintain agent packages.

5.7 GB

Windows:%zenworks_home%\work\content-repo

Linux:/var/opt/novell/zenworks/content-repo

To import the zip file to the content system.

5.7 GB

Agent Cache

To download the applicable System Update contents that are required to update the ZENworks server.

1.5 GB

Location where the System Update file is copied. This is only applicable for the ZENworks Server that is used to import the System Update zip file

To store the downloaded System Update zip file.

5.7 GB

4.0 Downloading and Deploying ZENworks 2017 Update 4

If your Management Zone consists of Primary Servers with a version prior to ZENworks 2017, you can deploy ZENworks 2017 Update 4 to these Primary Servers only after all of them have been upgraded to ZENworks 2017. For instructions, see the ZENworks Upgrade Guide.

IMPORTANT:Do not update the Remote Management (RM) viewer until all the Join Proxy Satellite Servers are updated in the zone. To perform Remote Management through Join Proxy, you need to ensure that the RM viewer version and the Join Proxy version are the same.

IMPORTANT:While deploying the ZENworks update, in the Preparing stage, the ZENworks Updater Service (ZeUS) on Primary Servers will be replaced with the new package that is included in the update.

Do not deploy ZENworks 2017 Update 4 until all Primary Servers in the zone have been upgraded to ZENworks 2017

This update requires schema changes to be made to the database. During the initial patch installation, the services will run only on the Master or dedicated Primary Server. This is to ensure that other Primary Servers do not try to access the tables being changed in the database.

After the Master or dedicated Primary Server has been updated, the services will resume on the remaining servers and the update will be applied simultaneously.

You do not need to manually stop or start the services on the servers during the update. The services will be stopped and started automatically.

When you postpone a system update and log out of the managed device, the system update is applied on the device.

After updating your zone, ensure that you upload the WADK WIM and Tuxera drivers again.

IMPORTANT:The ZENworks 17.4 update is required while updating the server to the next release version (ZENworks 17.4.1). Hence, ensure that you do not delete the ZENworks 17.4 system update from the server that might be updated to ZENworks 17.4.1.

7.1 Brightness percentage set as a part of the Mobile Device Control policy cannot be applied on Android devices

(Fixed in ZENworks 2020) A Mobile Device Control policy, with a specific brightness percentage value defined in the Set Brightness Percentage field, is assigned to an Android work-managed device, then the brightness value does not apply on the device and an error message “App not supported” is displayed in the Policy Status messages.

Workaround: None.

7.2 Direct Boot is not supported on Android P (9.0) devices

As acknowledged by Google, the Direct Boot feature does not work on Android P devices.

Workaround: None.

7.3 Device Keyguard settings do not work on devices where the ZENworks Agent app is upgraded from an earlier version to the 17.4.0. version

When the ZENworks Agent app on a device is upgraded to the 17.4.0 version, the Device Keyguard settings, enabled as part of the assigned Mobile Device Control policy, do not work on the device.

Workaround: Unenroll the device using the Unenroll quick task in ZCC and re-enroll it. Re-assign the same Mobile Device Control policy. The Device Keyguard settings will be successfully enabled on the device.

7.4 Device keyguard settings fails to apply on Android Lollipop and Marshmallow devices enrolled in the work profile mode

When the device keyguard settings are enabled as part of the Mobile Device Control Policy, the policy fails to apply on Android Lollipop and Marshmallow devices that are enrolled in the work profile mode. The status of the policy is displayed as failed in ZCC and the error message “You can not set trust agent configuration for a managed profile” is displayed in the device logs.

Workaround: None.

7.5 Unlock device quick task fails to apply on Android Lollipop and Marshmallow devices enrolled in the work profile mode

The Unlock Device quick task fails to apply on Android Lollipop and Marshmallow devices that are enrolled in the work profile mode. The status of the quick task is displayed as failed in ZCC and the error “You cannot reset password for managed profile” is displayed in the device logs.

Workaround: None.

7.6 After updating ZENworks, the novell-zenworks-xplat-uninstall RPM displays an incorrect version in ZDC

After the ZENworks Management Zone is upgraded, the novell-zenworks-xplat-uninstall RPM displays an incorrect version in ZDC.

NOTE:By default, the parameter maxConnections count is 10000 and will not be listed in the server.xml file. If the count 10000 is not sufficient, then add the parameter and based on the number of agents in the zone increase the count. In this example, maxConnections count is 20000.

Restart the ZENworks services.

7.11 The novell-proxydhcp service might not work on RHEL 7.5 and 7.6 imaging satellite server

The novell-proxydhcp service might not work on RHEL 7.5 and 7.6, as the port 67 required by the service is used by the dnsmasq service.

Workaround: Run the systemctl disable libvirtd.service command, and then restart the device:

7.12 Upgrade of a ZENworks 17.x appliance to a later version fails if the April 2019 Appliance Security Patches have been applied

(Fixed in ZENworks 2020) If you have applied the April 2019 Appliance Security Patches and then you try to upgrade a ZENworks 17.x appliance to a later version, some of the symbolic links (symlinks) such as /opt/novell/zenworks/lib32 and /opt/novell/zenworks/lib64 are replaced by new folders and hence the update fails.

Workaround: Apply the FTF that is available in bug 1134324 and then run the update again.

8.0 Additional Documentation

9.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.novell.com/company/legal/.

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.